Results 11 - 20 of 54
VS3: SMT Solvers for Program Verification, 2009
Cited by 13 (6 self)
Abstract. We present VS3, a tool that automatically verifies complex properties of programs and infers maximally weak preconditions and maximally strong postconditions by leveraging the power of SMT solvers. VS3 discovers program invariants with arbitrary, but prespecified, quantification and logical structure. The user supplies VS3 with a set of predicates and invariant templates. VS3 automatically finds instantiations of the unknowns in the templates as subsets of the predicate set. We have used VS3 to automatically verify ∀∃ properties of programs and to infer worst-case upper bounds and preconditions for functional correctness.
Interpolants as Classifiers
Cited by 12 (6 self)
Abstract. We show how interpolants can be viewed as classifiers in supervised machine learning. This view has several advantages: First, we are able to use off-the-shelf classification techniques, in particular support vector machines (SVMs), for interpolation. Second, we show that SVMs can find relevant predicates for a number of benchmarks. Since classification algorithms are predictive, the interpolants computed via classification are likely to be invariants. Finally, the machine learning view also enables us to handle superficial nonlinearities. Even if the underlying problem structure is linear, the symbolic constraints can give an impression that we are solving a nonlinear problem. Since learning algorithms try to mine the underlying structure directly, we can discover the linear structure for such problems. We demonstrate the feasibility of our approach via experiments over benchmarks from various papers on program verification.
Beautiful interpolants, in CAV, 2013
Cited by 11 (2 self)
Abstract. We describe a compositional approach to Craig interpolation based on the heuristic that simpler proofs of special cases are more likely to generalize. The method produces simple interpolants because it is able to summarize a large set of cases using one relatively simple fact. In particular, we present a method for finding such simple facts in the theory of linear rational arithmetic. This makes it possible to use interpolation to discover inductive invariants for numerical programs that are challenging for existing techniques. We show that in some cases, the compositional approach can also be more efficient than traditional lazy SMT as a decision procedure.
Automating relatively complete verification of higher-order functional programs, 2012. http://www.kb.is.s.u-tokyo.ac.jp/~uhiro/relcomp
Cited by 11 (5 self)
We present an automated approach to relatively completely verifying the safety (i.e., reachability) property of higher-order functional programs. Our contribution is twofold. First, we extend the refinement type system framework employed in the recent work on (incomplete) automated higher-order verification by drawing on the classical work on relatively complete “Hoare logic like” program logic for higher-order procedural languages. Then, by adopting the recently proposed techniques for solving constraints over quantified first-order logic formulas, we develop an automated type inference method for the type system, thereby realizing an automated relatively complete verification of higher-order programs.
Transfer Function Synthesis without Quantifier Elimination
Cited by 11 (3 self)
Abstract. Recently it has been shown how transfer functions for linear template constraints can be derived for bit-vector programs by operating over propositional Boolean formulae. The drawback of this method is that it relies on existential quantifier elimination, which induces a computational bottleneck. The contribution of this paper is a novel method for synthesising transfer functions that does not rely on quantifier elimination. We demonstrate the practicality of the method for generating transfer functions for both intervals and octagons.
Deductive Verification of Continuous Dynamical Systems, LIPIcs: Leibniz International Proceedings in Informatics, 2009
Cited by 11 (4 self)
We define the notion of inductive invariants for continuous dynamical systems and use it to present inference rules for safety verification of polynomial continuous dynamical systems. We present two different sound and complete inference rules, but neither of these rules can be effectively applied. We then present several simpler and practical inference rules that are sound and relatively complete for different classes of inductive invariants. The simpler inference rules can be effectively checked when all involved sets are semialgebraic.
Automatic abstraction for intervals using boolean formulae, in SAS 2010, LNCS, 2010
Cited by 10 (5 self)
Traditionally, transfer functions have been manually designed for each operation in a program. Recently, however, there has been growing interest in computing transfer functions, motivated by the desire to reason about sequences of operations that constitute basic blocks. This paper focuses on deriving transfer functions for intervals — possibly the most widely used numeric domain — and shows how they can be computed from Boolean formulae which are derived through bit-blasting. This approach is entirely automatic, avoids complicated elimination algorithms, and provides a systematic way of handling wrap-arounds (integer overflows and underflows) which arise in machine arithmetic.
HAMPI: A String Solver for Testing, Analysis and Vulnerability Detection
Cited by 10 (3 self)
Abstract. Many automatic testing, analysis, and verification techniques for programs can effectively be reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable software reliability tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis of string-manipulating programs, and hence researchers end up implementing their own ad-hoc solvers. Thus, there is a clear need for an effective and expressive string-constraint solver that can be easily integrated into a variety of applications. To fulfill this need, we designed and implemented Hampi, an efficient and easy-to-use string solver. Users of the Hampi string solver specify constraints using membership predicates over regular expressions, context-free grammars, and equality/disequality between string terms. These terms are constructed out of string constants, bounded string variables, and typical string operations such as
Verification as Learning Geometric Concepts
Cited by 8 (4 self)
Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a program’s set of reachable states is disjoint from the set of bad states. In Hoare Logic, these explanations are predicates that form inductive assertions. Using samples of reachable and bad states and by applying well-known machine learning algorithms for classification, we are able to generate inductive assertions. By relaxing the search for an exact proof to classifiers, we obtain complexity-theoretic improvements. Further, we extend the learning algorithm to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities. We have evaluated our approach on a number of challenging benchmarks and the results are promising.
Inductive Invariant Generation via Abductive Inference
Cited by 7 (1 self)
This paper presents a new method for generating inductive loop invariants that are expressible as boolean combinations of linear integer constraints. The key idea underlying our technique is to perform a backtracking search that combines Hoare-style verification condition generation with a logical abduction procedure based on quantifier elimination to speculate candidate invariants. Starting with true, our method iteratively strengthens loop invariants until they are inductive and strong enough to verify the program. A key feature of our technique is that it is lazy: It only infers those invariants that are necessary for verifying program correctness. Furthermore, our technique can infer arbitrary boolean combinations (including disjunctions) of linear invariants. We have implemented the proposed approach in a tool called HOLA. Our experiments demonstrate that HOLA can infer interesting invariants that are beyond the reach of existing state-of-the-art invariant generation tools.